NeilHanlon 2023-03-02 13:06:47 +00:00
parent f1f1e369b8
commit 250593a1d4
2 changed files with 468 additions and 30 deletions


@ -51,7 +51,7 @@
}
a.toggle-more-links { cursor: pointer; }
</style>
<title>docker.io/rockylinux/rockylinux:8 (rocky 8.7) - Trivy Report - 2023-03-01 13:21:33.738697307 +0000 UTC m=+7.275805085 </title>
<title>docker.io/rockylinux/rockylinux:8 (rocky 8.7) - Trivy Report - 2023-03-02 13:06:46.710565862 +0000 UTC m=+1.204165521 </title>
<script>
window.onload = function() {
document.querySelectorAll('td.links').forEach(function(linkCell) {
@ -81,7 +81,7 @@
</script>
</head>
<body>
<h1>docker.io/rockylinux/rockylinux:8 (rocky 8.7) - Trivy Report - 2023-03-01 13:21:33.738721907 +0000 UTC m=+7.275829685</h1>
<h1>docker.io/rockylinux/rockylinux:8 (rocky 8.7) - Trivy Report - 2023-03-02 13:06:46.710595861 +0000 UTC m=+1.204195620</h1>
<table>
<tr class="group-header"><th colspan="6">rocky</th></tr>
<tr class="sub-header">
@ -101,9 +101,11 @@
<td class="links" data-more-links="off">
<a href="http://www.openwall.com/lists/oss-security/2022/09/21/1">http://www.openwall.com/lists/oss-security/2022/09/21/1</a>
<a href="http://www.openwall.com/lists/oss-security/2022/09/21/4">http://www.openwall.com/lists/oss-security/2022/09/21/4</a>
<a href="https://access.redhat.com/errata/RHSA-2022:7323">https://access.redhat.com/errata/RHSA-2022:7323</a>
<a href="https://access.redhat.com/errata/RHSA-2023:0833">https://access.redhat.com/errata/RHSA-2023:0833</a>
<a href="https://access.redhat.com/security/cve/CVE-2020-10735">https://access.redhat.com/security/cve/CVE-2020-10735</a>
<a href="https://bugzilla.redhat.com/1834423">https://bugzilla.redhat.com/1834423</a>
<a href="https://bugzilla.redhat.com/2120642">https://bugzilla.redhat.com/2120642</a>
<a href="https://bugzilla.redhat.com/2144072">https://bugzilla.redhat.com/2144072</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=1834423">https://bugzilla.redhat.com/show_bug.cgi?id=1834423</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2120642">https://bugzilla.redhat.com/show_bug.cgi?id=2120642</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2144072">https://bugzilla.redhat.com/show_bug.cgi?id=2144072</a>
@ -111,7 +113,7 @@
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45061">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45061</a>
<a href="https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y">https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y</a>
<a href="https://errata.almalinux.org/9/ALSA-2022-7323.html">https://errata.almalinux.org/9/ALSA-2022-7323.html</a>
<a href="https://errata.almalinux.org/8/ALSA-2023-0833.html">https://errata.almalinux.org/8/ALSA-2023-0833.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0833">https://errata.rockylinux.org/RLSA-2023:0833</a>
<a href="https://github.com/python/cpython/issues/95778">https://github.com/python/cpython/issues/95778</a>
<a href="https://linux.oracle.com/cve/CVE-2020-10735.html">https://linux.oracle.com/cve/CVE-2020-10735.html</a>
@ -146,11 +148,12 @@
<td class="pkg-version">3.6.8-48.el8_7.rocky.0</td>
<td>3.6.8-48.el8_7.1.rocky.0</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2022:8353">https://access.redhat.com/errata/RHSA-2022:8353</a>
<a href="https://access.redhat.com/errata/RHSA-2023:0833">https://access.redhat.com/errata/RHSA-2023:0833</a>
<a href="https://access.redhat.com/security/cve/CVE-2021-28861">https://access.redhat.com/security/cve/CVE-2021-28861</a>
<a href="https://bugs.python.org/issue43223">https://bugs.python.org/issue43223</a>
<a href="https://bugzilla.redhat.com/2075390">https://bugzilla.redhat.com/2075390</a>
<a href="https://bugzilla.redhat.com/1834423">https://bugzilla.redhat.com/1834423</a>
<a href="https://bugzilla.redhat.com/2120642">https://bugzilla.redhat.com/2120642</a>
<a href="https://bugzilla.redhat.com/2144072">https://bugzilla.redhat.com/2144072</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2054702">https://bugzilla.redhat.com/show_bug.cgi?id=2054702</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2059951">https://bugzilla.redhat.com/show_bug.cgi?id=2059951</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2075390">https://bugzilla.redhat.com/show_bug.cgi?id=2075390</a>
@ -158,7 +161,7 @@
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2128249">https://bugzilla.redhat.com/show_bug.cgi?id=2128249</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-20107">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-20107</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861</a>
<a href="https://errata.almalinux.org/9/ALSA-2022-8353.html">https://errata.almalinux.org/9/ALSA-2022-8353.html</a>
<a href="https://errata.almalinux.org/8/ALSA-2023-0833.html">https://errata.almalinux.org/8/ALSA-2023-0833.html</a>
<a href="https://errata.rockylinux.org/RLSA-2022:8353">https://errata.rockylinux.org/RLSA-2022:8353</a>
<a href="https://github.com/python/cpython/pull/24848">https://github.com/python/cpython/pull/24848</a>
<a href="https://github.com/python/cpython/pull/93879">https://github.com/python/cpython/pull/93879</a>
@ -190,8 +193,10 @@
<td class="pkg-version">3.6.8-48.el8_7.rocky.0</td>
<td>3.6.8-48.el8_7.1.rocky.0</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:0953">https://access.redhat.com/errata/RHSA-2023:0953</a>
<a href="https://access.redhat.com/errata/RHSA-2023:0833">https://access.redhat.com/errata/RHSA-2023:0833</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-45061">https://access.redhat.com/security/cve/CVE-2022-45061</a>
<a href="https://bugzilla.redhat.com/1834423">https://bugzilla.redhat.com/1834423</a>
<a href="https://bugzilla.redhat.com/2120642">https://bugzilla.redhat.com/2120642</a>
<a href="https://bugzilla.redhat.com/2144072">https://bugzilla.redhat.com/2144072</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=1834423">https://bugzilla.redhat.com/show_bug.cgi?id=1834423</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2120642">https://bugzilla.redhat.com/show_bug.cgi?id=2120642</a>
@ -199,7 +204,7 @@
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45061">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45061</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0953.html">https://errata.almalinux.org/9/ALSA-2023-0953.html</a>
<a href="https://errata.almalinux.org/8/ALSA-2023-0833.html">https://errata.almalinux.org/8/ALSA-2023-0833.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0833">https://errata.rockylinux.org/RLSA-2023:0833</a>
<a href="https://github.com/python/cpython/issues/98433">https://github.com/python/cpython/issues/98433</a>
<a href="https://github.com/python/cpython/pull/99092">https://github.com/python/cpython/pull/99092</a>
@ -250,9 +255,11 @@
<td class="links" data-more-links="off">
<a href="http://www.openwall.com/lists/oss-security/2022/09/21/1">http://www.openwall.com/lists/oss-security/2022/09/21/1</a>
<a href="http://www.openwall.com/lists/oss-security/2022/09/21/4">http://www.openwall.com/lists/oss-security/2022/09/21/4</a>
<a href="https://access.redhat.com/errata/RHSA-2022:7323">https://access.redhat.com/errata/RHSA-2022:7323</a>
<a href="https://access.redhat.com/errata/RHSA-2023:0833">https://access.redhat.com/errata/RHSA-2023:0833</a>
<a href="https://access.redhat.com/security/cve/CVE-2020-10735">https://access.redhat.com/security/cve/CVE-2020-10735</a>
<a href="https://bugzilla.redhat.com/1834423">https://bugzilla.redhat.com/1834423</a>
<a href="https://bugzilla.redhat.com/2120642">https://bugzilla.redhat.com/2120642</a>
<a href="https://bugzilla.redhat.com/2144072">https://bugzilla.redhat.com/2144072</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=1834423">https://bugzilla.redhat.com/show_bug.cgi?id=1834423</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2120642">https://bugzilla.redhat.com/show_bug.cgi?id=2120642</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2144072">https://bugzilla.redhat.com/show_bug.cgi?id=2144072</a>
@ -260,7 +267,7 @@
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45061">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45061</a>
<a href="https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y">https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y</a>
<a href="https://errata.almalinux.org/9/ALSA-2022-7323.html">https://errata.almalinux.org/9/ALSA-2022-7323.html</a>
<a href="https://errata.almalinux.org/8/ALSA-2023-0833.html">https://errata.almalinux.org/8/ALSA-2023-0833.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0833">https://errata.rockylinux.org/RLSA-2023:0833</a>
<a href="https://github.com/python/cpython/issues/95778">https://github.com/python/cpython/issues/95778</a>
<a href="https://linux.oracle.com/cve/CVE-2020-10735.html">https://linux.oracle.com/cve/CVE-2020-10735.html</a>
@ -295,11 +302,12 @@
<td class="pkg-version">3.6.8-48.el8_7.rocky.0</td>
<td>3.6.8-48.el8_7.1.rocky.0</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2022:8353">https://access.redhat.com/errata/RHSA-2022:8353</a>
<a href="https://access.redhat.com/errata/RHSA-2023:0833">https://access.redhat.com/errata/RHSA-2023:0833</a>
<a href="https://access.redhat.com/security/cve/CVE-2021-28861">https://access.redhat.com/security/cve/CVE-2021-28861</a>
<a href="https://bugs.python.org/issue43223">https://bugs.python.org/issue43223</a>
<a href="https://bugzilla.redhat.com/2075390">https://bugzilla.redhat.com/2075390</a>
<a href="https://bugzilla.redhat.com/1834423">https://bugzilla.redhat.com/1834423</a>
<a href="https://bugzilla.redhat.com/2120642">https://bugzilla.redhat.com/2120642</a>
<a href="https://bugzilla.redhat.com/2144072">https://bugzilla.redhat.com/2144072</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2054702">https://bugzilla.redhat.com/show_bug.cgi?id=2054702</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2059951">https://bugzilla.redhat.com/show_bug.cgi?id=2059951</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2075390">https://bugzilla.redhat.com/show_bug.cgi?id=2075390</a>
@ -307,7 +315,7 @@
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2128249">https://bugzilla.redhat.com/show_bug.cgi?id=2128249</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-20107">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-20107</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861</a>
<a href="https://errata.almalinux.org/9/ALSA-2022-8353.html">https://errata.almalinux.org/9/ALSA-2022-8353.html</a>
<a href="https://errata.almalinux.org/8/ALSA-2023-0833.html">https://errata.almalinux.org/8/ALSA-2023-0833.html</a>
<a href="https://errata.rockylinux.org/RLSA-2022:8353">https://errata.rockylinux.org/RLSA-2022:8353</a>
<a href="https://github.com/python/cpython/pull/24848">https://github.com/python/cpython/pull/24848</a>
<a href="https://github.com/python/cpython/pull/93879">https://github.com/python/cpython/pull/93879</a>
@ -339,8 +347,10 @@
<td class="pkg-version">3.6.8-48.el8_7.rocky.0</td>
<td>3.6.8-48.el8_7.1.rocky.0</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:0953">https://access.redhat.com/errata/RHSA-2023:0953</a>
<a href="https://access.redhat.com/errata/RHSA-2023:0833">https://access.redhat.com/errata/RHSA-2023:0833</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-45061">https://access.redhat.com/security/cve/CVE-2022-45061</a>
<a href="https://bugzilla.redhat.com/1834423">https://bugzilla.redhat.com/1834423</a>
<a href="https://bugzilla.redhat.com/2120642">https://bugzilla.redhat.com/2120642</a>
<a href="https://bugzilla.redhat.com/2144072">https://bugzilla.redhat.com/2144072</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=1834423">https://bugzilla.redhat.com/show_bug.cgi?id=1834423</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2120642">https://bugzilla.redhat.com/show_bug.cgi?id=2120642</a>
@ -348,7 +358,7 @@
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45061">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45061</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0953.html">https://errata.almalinux.org/9/ALSA-2023-0953.html</a>
<a href="https://errata.almalinux.org/8/ALSA-2023-0833.html">https://errata.almalinux.org/8/ALSA-2023-0833.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0833">https://errata.rockylinux.org/RLSA-2023:0833</a>
<a href="https://github.com/python/cpython/issues/98433">https://github.com/python/cpython/issues/98433</a>
<a href="https://github.com/python/cpython/pull/99092">https://github.com/python/cpython/pull/99092</a>
@ -397,18 +407,17 @@
<td class="pkg-version">239-68.el8_7.2</td>
<td>239-68.el8_7.4</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:0954">https://access.redhat.com/errata/RHSA-2023:0954</a>
<a href="https://access.redhat.com/errata/RHSA-2023:0837">https://access.redhat.com/errata/RHSA-2023:0837</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-4415">https://access.redhat.com/security/cve/CVE-2022-4415</a>
<a href="https://bugzilla.redhat.com/2149063">https://bugzilla.redhat.com/2149063</a>
<a href="https://bugzilla.redhat.com/2155515">https://bugzilla.redhat.com/2155515</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2155515">https://bugzilla.redhat.com/show_bug.cgi?id=2155515</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2164049">https://bugzilla.redhat.com/show_bug.cgi?id=2164049</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4415">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4415</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0954.html">https://errata.almalinux.org/9/ALSA-2023-0954.html</a>
<a href="https://errata.almalinux.org/8/ALSA-2023-0837.html">https://errata.almalinux.org/8/ALSA-2023-0837.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0837">https://errata.rockylinux.org/RLSA-2023:0837</a>
<a href="https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c">https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c</a>
<a href="https://linux.oracle.com/cve/CVE-2022-4415.html">https://linux.oracle.com/cve/CVE-2022-4415.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0837.html">https://linux.oracle.com/errata/ELSA-2023-0837.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0954.html">https://linux.oracle.com/errata/ELSA-2023-0954.html</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-4415">https://nvd.nist.gov/vuln/detail/CVE-2022-4415</a>
<a href="https://www.openwall.com/lists/oss-security/2022/12/21/3">https://www.openwall.com/lists/oss-security/2022/12/21/3</a>
</td>
@ -420,18 +429,17 @@
<td class="pkg-version">239-68.el8_7.2</td>
<td>239-68.el8_7.4</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:0954">https://access.redhat.com/errata/RHSA-2023:0954</a>
<a href="https://access.redhat.com/errata/RHSA-2023:0837">https://access.redhat.com/errata/RHSA-2023:0837</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-4415">https://access.redhat.com/security/cve/CVE-2022-4415</a>
<a href="https://bugzilla.redhat.com/2149063">https://bugzilla.redhat.com/2149063</a>
<a href="https://bugzilla.redhat.com/2155515">https://bugzilla.redhat.com/2155515</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2155515">https://bugzilla.redhat.com/show_bug.cgi?id=2155515</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2164049">https://bugzilla.redhat.com/show_bug.cgi?id=2164049</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4415">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4415</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0954.html">https://errata.almalinux.org/9/ALSA-2023-0954.html</a>
<a href="https://errata.almalinux.org/8/ALSA-2023-0837.html">https://errata.almalinux.org/8/ALSA-2023-0837.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0837">https://errata.rockylinux.org/RLSA-2023:0837</a>
<a href="https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c">https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c</a>
<a href="https://linux.oracle.com/cve/CVE-2022-4415.html">https://linux.oracle.com/cve/CVE-2022-4415.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0837.html">https://linux.oracle.com/errata/ELSA-2023-0837.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0954.html">https://linux.oracle.com/errata/ELSA-2023-0954.html</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-4415">https://nvd.nist.gov/vuln/detail/CVE-2022-4415</a>
<a href="https://www.openwall.com/lists/oss-security/2022/12/21/3">https://www.openwall.com/lists/oss-security/2022/12/21/3</a>
</td>
@ -443,18 +451,17 @@
<td class="pkg-version">239-68.el8_7.2</td>
<td>239-68.el8_7.4</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:0954">https://access.redhat.com/errata/RHSA-2023:0954</a>
<a href="https://access.redhat.com/errata/RHSA-2023:0837">https://access.redhat.com/errata/RHSA-2023:0837</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-4415">https://access.redhat.com/security/cve/CVE-2022-4415</a>
<a href="https://bugzilla.redhat.com/2149063">https://bugzilla.redhat.com/2149063</a>
<a href="https://bugzilla.redhat.com/2155515">https://bugzilla.redhat.com/2155515</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2155515">https://bugzilla.redhat.com/show_bug.cgi?id=2155515</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2164049">https://bugzilla.redhat.com/show_bug.cgi?id=2164049</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4415">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4415</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0954.html">https://errata.almalinux.org/9/ALSA-2023-0954.html</a>
<a href="https://errata.almalinux.org/8/ALSA-2023-0837.html">https://errata.almalinux.org/8/ALSA-2023-0837.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0837">https://errata.rockylinux.org/RLSA-2023:0837</a>
<a href="https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c">https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c</a>
<a href="https://linux.oracle.com/cve/CVE-2022-4415.html">https://linux.oracle.com/cve/CVE-2022-4415.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0837.html">https://linux.oracle.com/errata/ELSA-2023-0837.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0954.html">https://linux.oracle.com/errata/ELSA-2023-0954.html</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-4415">https://nvd.nist.gov/vuln/detail/CVE-2022-4415</a>
<a href="https://www.openwall.com/lists/oss-security/2022/12/21/3">https://www.openwall.com/lists/oss-security/2022/12/21/3</a>
</td>
@ -466,12 +473,12 @@
<td class="pkg-version">2:1.30-6.el8</td>
<td>2:1.30-6.el8_7.1</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:0959">https://access.redhat.com/errata/RHSA-2023:0959</a>
<a href="https://access.redhat.com/errata/RHSA-2023:0842">https://access.redhat.com/errata/RHSA-2023:0842</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-48303">https://access.redhat.com/security/cve/CVE-2022-48303</a>
<a href="https://bugzilla.redhat.com/2149722">https://bugzilla.redhat.com/2149722</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2149722">https://bugzilla.redhat.com/show_bug.cgi?id=2149722</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48303">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48303</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0959.html">https://errata.almalinux.org/9/ALSA-2023-0959.html</a>
<a href="https://errata.almalinux.org/8/ALSA-2023-0842.html">https://errata.almalinux.org/8/ALSA-2023-0842.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0842">https://errata.rockylinux.org/RLSA-2023:0842</a>
<a href="https://linux.oracle.com/cve/CVE-2022-48303.html">https://linux.oracle.com/cve/CVE-2022-48303.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0959.html">https://linux.oracle.com/errata/ELSA-2023-0959.html</a>


@ -0,0 +1,431 @@
{
"version": "2.1.0",
"$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json",
"runs": [
{
"tool": {
"driver": {
"fullName": "Trivy Vulnerability Scanner",
"informationUri": "https://github.com/aquasecurity/trivy",
"name": "Trivy",
"rules": [
{
"id": "CVE-2020-10735",
"name": "OsPackageVulnerability",
"shortDescription": {
"text": "python: int() type in PyLong_FromString() does not limit amount of digits converting text to int leading to DoS"
},
"fullDescription": {
"text": "A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int(\u0026#34;text\u0026#34;), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability."
},
"defaultConfiguration": {
"level": "warning"
},
"helpUri": "https://avd.aquasec.com/nvd/cve-2020-10735",
"help": {
"text": "Vulnerability CVE-2020-10735\nSeverity: MEDIUM\nPackage: python3-libs\nFixed Version: 3.6.8-48.el8_7.1.rocky.0\nLink: [CVE-2020-10735](https://avd.aquasec.com/nvd/cve-2020-10735)\nA flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int(\"text\"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.",
"markdown": "**Vulnerability CVE-2020-10735**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|MEDIUM|python3-libs|3.6.8-48.el8_7.1.rocky.0|[CVE-2020-10735](https://avd.aquasec.com/nvd/cve-2020-10735)|\n\nA flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int(\"text\"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability."
},
"properties": {
"precision": "very-high",
"security-severity": "5.5",
"tags": [
"vulnerability",
"security",
"MEDIUM"
]
}
},
{
"id": "CVE-2021-28861",
"name": "OsPackageVulnerability",
"shortDescription": {
"text": "python: open redirection vulnerability in lib/http/server.py may lead to information disclosure"
},
"fullDescription": {
"text": "** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states \u0026#34;Warning: http.server is not recommended for production. It only implements basic security checks.\u0026#34;"
},
"defaultConfiguration": {
"level": "warning"
},
"helpUri": "https://avd.aquasec.com/nvd/cve-2021-28861",
"help": {
"text": "Vulnerability CVE-2021-28861\nSeverity: MEDIUM\nPackage: python3-libs\nFixed Version: 3.6.8-48.el8_7.1.rocky.0\nLink: [CVE-2021-28861](https://avd.aquasec.com/nvd/cve-2021-28861)\n** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states \"Warning: http.server is not recommended for production. It only implements basic security checks.\"",
"markdown": "**Vulnerability CVE-2021-28861**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|MEDIUM|python3-libs|3.6.8-48.el8_7.1.rocky.0|[CVE-2021-28861](https://avd.aquasec.com/nvd/cve-2021-28861)|\n\n** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states \"Warning: http.server is not recommended for production. It only implements basic security checks.\""
},
"properties": {
"precision": "very-high",
"security-severity": "5.5",
"tags": [
"vulnerability",
"security",
"MEDIUM"
]
}
},
{
"id": "CVE-2022-45061",
"name": "OsPackageVulnerability",
"shortDescription": {
"text": "Python: CPU denial of service via inefficient IDNA decoder"
},
"fullDescription": {
"text": "An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16."
},
"defaultConfiguration": {
"level": "warning"
},
"helpUri": "https://avd.aquasec.com/nvd/cve-2022-45061",
"help": {
"text": "Vulnerability CVE-2022-45061\nSeverity: MEDIUM\nPackage: python3-libs\nFixed Version: 3.6.8-48.el8_7.1.rocky.0\nLink: [CVE-2022-45061](https://avd.aquasec.com/nvd/cve-2022-45061)\nAn issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.",
"markdown": "**Vulnerability CVE-2022-45061**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|MEDIUM|python3-libs|3.6.8-48.el8_7.1.rocky.0|[CVE-2022-45061](https://avd.aquasec.com/nvd/cve-2022-45061)|\n\nAn issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16."
},
"properties": {
"precision": "very-high",
"security-severity": "5.5",
"tags": [
"vulnerability",
"security",
"MEDIUM"
]
}
},
{
"id": "CVE-2022-4415",
"name": "OsPackageVulnerability",
"shortDescription": {
"text": "systemd: local information leak due to systemd-coredump not respecting fs.suid_dumpable kernel setting"
},
"fullDescription": {
"text": "A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting."
},
"defaultConfiguration": {
"level": "warning"
},
"helpUri": "https://avd.aquasec.com/nvd/cve-2022-4415",
"help": {
"text": "Vulnerability CVE-2022-4415\nSeverity: MEDIUM\nPackage: systemd-pam\nFixed Version: 239-68.el8_7.4\nLink: [CVE-2022-4415](https://avd.aquasec.com/nvd/cve-2022-4415)\nA vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.",
"markdown": "**Vulnerability CVE-2022-4415**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|MEDIUM|systemd-pam|239-68.el8_7.4|[CVE-2022-4415](https://avd.aquasec.com/nvd/cve-2022-4415)|\n\nA vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting."
},
"properties": {
"precision": "very-high",
"security-severity": "5.5",
"tags": [
"vulnerability",
"security",
"MEDIUM"
]
}
},
{
"id": "CVE-2022-48303",
"name": "OsPackageVulnerability",
"shortDescription": {
"text": "tar: heap buffer overflow at from_header() in list.c via specially crafted checksum"
},
"fullDescription": {
"text": "GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters."
},
"defaultConfiguration": {
"level": "warning"
},
"helpUri": "https://avd.aquasec.com/nvd/cve-2022-48303",
"help": {
"text": "Vulnerability CVE-2022-48303\nSeverity: MEDIUM\nPackage: tar\nFixed Version: 2:1.30-6.el8_7.1\nLink: [CVE-2022-48303](https://avd.aquasec.com/nvd/cve-2022-48303)\nGNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.",
"markdown": "**Vulnerability CVE-2022-48303**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|MEDIUM|tar|2:1.30-6.el8_7.1|[CVE-2022-48303](https://avd.aquasec.com/nvd/cve-2022-48303)|\n\nGNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters."
},
"properties": {
"precision": "very-high",
"security-severity": "5.5",
"tags": [
"vulnerability",
"security",
"MEDIUM"
]
}
}
],
"version": "0.37.2"
}
},
"results": [
{
"ruleId": "CVE-2020-10735",
"ruleIndex": 0,
"level": "warning",
"message": {
"text": "Package: platform-python\nInstalled Version: 3.6.8-48.el8_7.rocky.0\nVulnerability CVE-2020-10735\nSeverity: MEDIUM\nFixed Version: 3.6.8-48.el8_7.1.rocky.0\nLink: [CVE-2020-10735](https://avd.aquasec.com/nvd/cve-2020-10735)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: platform-python@3.6.8-48.el8_7.rocky.0"
}
}
]
},
{
"ruleId": "CVE-2021-28861",
"ruleIndex": 1,
"level": "warning",
"message": {
"text": "Package: platform-python\nInstalled Version: 3.6.8-48.el8_7.rocky.0\nVulnerability CVE-2021-28861\nSeverity: MEDIUM\nFixed Version: 3.6.8-48.el8_7.1.rocky.0\nLink: [CVE-2021-28861](https://avd.aquasec.com/nvd/cve-2021-28861)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: platform-python@3.6.8-48.el8_7.rocky.0"
}
}
]
},
{
"ruleId": "CVE-2022-45061",
"ruleIndex": 2,
"level": "warning",
"message": {
"text": "Package: platform-python\nInstalled Version: 3.6.8-48.el8_7.rocky.0\nVulnerability CVE-2022-45061\nSeverity: MEDIUM\nFixed Version: 3.6.8-48.el8_7.1.rocky.0\nLink: [CVE-2022-45061](https://avd.aquasec.com/nvd/cve-2022-45061)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: platform-python@3.6.8-48.el8_7.rocky.0"
}
}
]
},
{
"ruleId": "CVE-2020-10735",
"ruleIndex": 0,
"level": "warning",
"message": {
"text": "Package: python3-libs\nInstalled Version: 3.6.8-48.el8_7.rocky.0\nVulnerability CVE-2020-10735\nSeverity: MEDIUM\nFixed Version: 3.6.8-48.el8_7.1.rocky.0\nLink: [CVE-2020-10735](https://avd.aquasec.com/nvd/cve-2020-10735)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: python3-libs@3.6.8-48.el8_7.rocky.0"
}
}
]
},
{
"ruleId": "CVE-2021-28861",
"ruleIndex": 1,
"level": "warning",
"message": {
"text": "Package: python3-libs\nInstalled Version: 3.6.8-48.el8_7.rocky.0\nVulnerability CVE-2021-28861\nSeverity: MEDIUM\nFixed Version: 3.6.8-48.el8_7.1.rocky.0\nLink: [CVE-2021-28861](https://avd.aquasec.com/nvd/cve-2021-28861)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: python3-libs@3.6.8-48.el8_7.rocky.0"
}
}
]
},
{
"ruleId": "CVE-2022-45061",
"ruleIndex": 2,
"level": "warning",
"message": {
"text": "Package: python3-libs\nInstalled Version: 3.6.8-48.el8_7.rocky.0\nVulnerability CVE-2022-45061\nSeverity: MEDIUM\nFixed Version: 3.6.8-48.el8_7.1.rocky.0\nLink: [CVE-2022-45061](https://avd.aquasec.com/nvd/cve-2022-45061)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: python3-libs@3.6.8-48.el8_7.rocky.0"
}
}
]
},
{
"ruleId": "CVE-2022-4415",
"ruleIndex": 3,
"level": "warning",
"message": {
"text": "Package: systemd\nInstalled Version: 239-68.el8_7.2\nVulnerability CVE-2022-4415\nSeverity: MEDIUM\nFixed Version: 239-68.el8_7.4\nLink: [CVE-2022-4415](https://avd.aquasec.com/nvd/cve-2022-4415)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: systemd@239-68.el8_7.2"
}
}
]
},
{
"ruleId": "CVE-2022-4415",
"ruleIndex": 3,
"level": "warning",
"message": {
"text": "Package: systemd-libs\nInstalled Version: 239-68.el8_7.2\nVulnerability CVE-2022-4415\nSeverity: MEDIUM\nFixed Version: 239-68.el8_7.4\nLink: [CVE-2022-4415](https://avd.aquasec.com/nvd/cve-2022-4415)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: systemd-libs@239-68.el8_7.2"
}
}
]
},
{
"ruleId": "CVE-2022-4415",
"ruleIndex": 3,
"level": "warning",
"message": {
"text": "Package: systemd-pam\nInstalled Version: 239-68.el8_7.2\nVulnerability CVE-2022-4415\nSeverity: MEDIUM\nFixed Version: 239-68.el8_7.4\nLink: [CVE-2022-4415](https://avd.aquasec.com/nvd/cve-2022-4415)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: systemd-pam@239-68.el8_7.2"
}
}
]
},
{
"ruleId": "CVE-2022-48303",
"ruleIndex": 4,
"level": "warning",
"message": {
"text": "Package: tar\nInstalled Version: 2:1.30-6.el8\nVulnerability CVE-2022-48303\nSeverity: MEDIUM\nFixed Version: 2:1.30-6.el8_7.1\nLink: [CVE-2022-48303](https://avd.aquasec.com/nvd/cve-2022-48303)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: tar@2:1.30-6.el8"
}
}
]
}
],
"columnKind": "utf16CodeUnits",
"originalUriBaseIds": {
"ROOTPATH": {
"uri": "file:///"
}
}
}
]
}